Nobody intervened to help the Tibetans, nobody intervened to help the Karelians, nobody intervened to help the Andamanese. Look them up too, the Andamanese are fascinating.
What's wrong with the Andamanese? They are part of India, and I haven't heard any racial/political conflicts there since independence. Do you have a link somewhere?
Exactly. The deceit here is the same as before, there are just more hoops (for the customer, not the phisher). The problem with authentication here is that the banks want their customers to be able to log in from anywhere in the world. You simply can't properly authenticate a computer out in the wild without some additional device, like SecurID.
There is a fundamental thing that people forget - there is nothing in the technology of securid that prevents it from a MitM attack. The reason why it works in the enterprise is because you are typing in the server name into your xterm/browser/whatever. That solves the fundamental problem of connecting to the correct remote host, at which point you can use whatever auxiliary system for security - you can use s/key just as much easily and securely as securid if you are at that point.
Now, let's take the case of ebanking web sites. They have to authenticate users out in the wild. They have no way of knowing who's genuine and who's the nefarious guy. The clients have no assurance whether (s)he has typed in the correct server name - all they see is a web page that looks familiar. The fundamental problem in security is dealing with user stupidity. We haven't solved this for more than 25 centuries. Look at any physical lock or bolt - if you lose the key, you have literally tossed the access to it to anyone who gets it. On the internet, this problem is compounded by a lack of barrier to entry for the bad guy.
The way I see it, have the governments issue client certificates to all citizens, and make the users _responsible_ for its theft. Yup, imprison the clueless user if a hacker has stolen the key from them. It's a lot like real life identity thefts. I know this sounds draconian, but this is the only step that I see solving these kinds of problems. The average user is a total idiot when it comes to computers, and often doesn't know when (s)he goofs up. They need a class on what (not to) do on the internet; give them that, make it clear to them that they are responsible for any deviations and you have the basic problem solved.
Just to point out, the _exact_ same thing happened to DVD. Once dvdcss was out, there was no easy way to flash the hundreds of players out there, so the movie companies decided to forget about it. Same for region coding - the spec was ripped out to the point where every sane company decided to turn it off by default.
I am a linux/unix admin at work, and have a linux system, which I _will_ not trade for a windows system. The IT policy in our place is simple - support will be available if you load windows. If you are on *nix, and have a problem, then STFU. It works fine because as a linux power user, I certainly can manage my system.
And yes, having windows on the desktop != having a unix. You can't manage ssh keys and custom ssh configs as easily with ssh.com and securecrt as with openssh. There is nothing like bash or perl that ships standard with windows. Ever tried setting up X forwarding on windows for that occasional unix gui application? Ever had to keep custom scripts that login to various servers for routine tasks? Ever had to script an ssh authentication script that logs into the new server just setup and copies over your ssh keys, vimrc, bashrc etc? Ever had to deal with antivirus hogging your CPU and memory? The list can be endless, but it definitely helps as an admin to have the OS of your choice.
to run parallels. microsoft could give a flying fark where you run their os, as long as you buy one.
So let's see the case of an office with 100 workers. Joe Doe working there gets a mac for his home, and loads windows using the license that he bought along with the mac. He paid the windows tax, but now he has a choice of applications and operating systems. Seeing that Joe's new notebook is cool, a couple of other users switch. Gradually the word gets along and soon enough everyone has a mac. Now what? All the users are familiar with a mac, and _if_ the office wants to switch, it sees that near zero training will be needed. With the M$ licenses that it has, there is always a possibility to run windows applications. But, more importantly, the company can any day migrate to the mac alternatives out there, and eventually, in a decade or so avoid M$ totally. That's what M$ should be thinking of right now. If more and more people switch, they are left with more options. Some of these may benefit Microsoft, but a large majority of them don't.
Radical changes that happen overnight are called revolutions. The computing industry has grown too large for that to happen. Most of the changes that are going to happen in the next 20 years or so will not be quick, they will be snail paced and gradual. Just like IPv6.
It's in the muscle power between the two companies. AMD is having issues migrating to a smaller die. Intel is already there, and they are leveraging their advantage to bring out products that AMD cannot afford to. They've bit into AMD's margins already, and if this chip gets out in the next 6 months, it will further cripple AMD's position. That's the news, the bad one.
It really doesn't matter. These are basic computing concepts, and anyone can draw up such an architecture. What's amazing about Intel is that they did it, and it looks like they have a killer chip in the making. Being an AMD guy, I hate to say that Intel is making me convert - and I am not ready to forgive them for the P4 pipeline design.
But all in all, it's good news - now let's see what the other camp comes up with that will be 45 nm ready.
However, I have seen a computer that was in the form factor you speak of. Was at a friend's house. Can't remember the manufacturer of it though....unfortunately. It looked pretty nifty.
We're talking from an isolated view here. I do not know the actual scene in Moscow, but if the only job available to me as a skilled professional was malware coding, I may not see anything unethical in it. In fact, if things are as bad as they are shown to be, I don't think many people in Russia would be averse to accepting a job like that. It would be, like piracy, a way of life.
Also, keep in mind that in both our cases, there is no omnipresent mafia. But assuming there was one, and that its hands were stronger than the govt's, just how much do you think you can escape from it?
Building a future for your family by forever being under the thumb of the Russian mafia? Please.
Let's see. For the point of this discussion, let's assume that you are in Russia and that you have kids to feed. What would you do - would you have them starve, or pick up the _only_ good paying job available to you?
Ethics and ideals are fine and good. When it comes to subsistence, a lot of people make stupid choices. I tell this because while things have improved a lot in India, there used to be a time decades ago when people literally did not have food for the entire family - where mothers used to go starving so that the children did not have to be hungry. I've heard about it firsthand, and I've seen pain in their eyes when they recollect it. They also add in that if there was anything to steal, people would simply have grabbed them. That's what the need for basic survival does - to you, me and everyone else.
I do not sympathise with the Russian reverse engineers, but I can certainly understand the economic conditions that could have driven them to it.
The good thing is that google is waging the war against the mafiaa rather than you and me. File sharing and DMCA are totally different things, but I'll welcome any adversary against the *AA. If they are clipped off from both sides (content and consumers) some good might come out of it.
Face it, google is the best corporation to take this lawsuit along, much better than say Apple or Microsoft. I agree they aren't perfect, but for all the things that they do, they simply are one of the better choices.
Exactly. The TFA talks about BMW and how much it has the automobile segment's share. The equivalent of the BMW in the computing industry are the Sun E-series, IBM mainframes etc... Each of these companies makes a large and decent profit on each sale of their machine. And Dell ??? I'd rate theirs as 15-20$ max per pc/laptop sold - they have to price their products competitively or else they die.
The whole point of the article wasn't about alternate markets. But you cannot bring in linux/[insert your favourite alternate OS] to the picture because of a simple problem - the software isn't tied or bundled with the hardware. The casual linux user, the geek/poweruser who dual boots into linux once every week is much higher. I say this as a fact because almost every friend that I have in the 20-30 age group has a dual boot setup. Whether they use it or not is a different question, but they _do_ contribute to the install base, which is the million dollar question that the TFA raises.
Where does linux, *BSD and Solaris/x86 come in this picture? Tracking software popularity on the basis of hardware sales is very absurd. You cannot attribute every sale of a PC to windows. I agree that the alternate market may pale in comparison, but there has to be a good 1 or 2% of computers running linux.
Also, the luxury segment in the computer industry is the server, and Windows'/OSX's share isn't worth mentioning. In fact, the more higher end you go, it all starts moving away from the x86 market. The sales numbers there will be questionable, but the profit margins aren't.
It doesn't. Let's take this case.
You reach http://ubsphiser.com/ from a spam mail, which has a page that looks similar to your bank's. You enter your username there, and ubsphiser.com initiates a connection with ubs in real time with that information. The bank provides the challenge string to ubsphiser.com, thinking that it is you. ubsphiser.com passes on the challenge back to you, and you happily feed it into the calculator, you get a result from it which you enter naively into ubsphiser.com. Now ubsphiser.com goes back to the ubs site, and enters this piece and voilà - it has your bank account now. Using a securID is basically like this, and IIRC citibank USA has already been subject to one such phishing attempt, which was reported a long time back here. I understand that you, and at least half the /. crowd are wiser, but such security _cannot_ combat with human stupidity that we see out in the wild. If someone is stupid enough to click on all crappy links, they should deserve what they get. I hate it, when I am subject to inconveniences that the bank mandates because of all these idiots out there.
Back to the point, if UBS requires that all transactions need an additional challenge (which, my bank - HSBC India requires) you are definitely safer. But still the hacker has access to your account during the time you are on http://ubsphiser.com/ and can transfer whatever money (s)he wants. That's the fundamental folly which most banks don't realize, or rather want to admit.
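The relay described in the comment above, modelled as an added sketch that is not part of the original post; it goes one step beyond the comment by also showing a response that is bound to the origin the user is actually connected to. The origins, function names and the HMAC construction are assumptions made for illustration and do not describe SecurID or any bank's real token.

```python
import hashlib
import hmac
import secrets

BANK_ORIGIN = "https://bank.example"            # assumed genuine origin
LOOKALIKE_ORIGIN = "https://lookalike.example"  # assumed relaying origin


def token_response(secret, challenge):
    """Calculator-style token: depends only on the shared secret and the challenge."""
    return hmac.new(secret, challenge, hashlib.sha256).hexdigest()


def bound_response(secret, challenge, origin):
    """Origin-bound variant: client software mixes in the origin it is connected to."""
    msg = challenge + b"|" + origin.encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


class Bank:
    def __init__(self, secret, origin_bound):
        self.secret = secret
        self.origin_bound = origin_bound
        self.pending = None

    def issue_challenge(self):
        self.pending = secrets.token_bytes(16)
        return self.pending

    def verify(self, response):
        # A challenge is single-use: consume it whether or not the check passes.
        challenge, self.pending = self.pending, None
        if challenge is None:
            return False
        if self.origin_bound:
            expected = bound_response(self.secret, challenge, BANK_ORIGIN)
        else:
            expected = token_response(self.secret, challenge)
        return hmac.compare_digest(expected, response)


def login_attempt(bank, secret, origin_user_is_on):
    """The challenge and the response cross the wire unchanged, whether the user
    is on the bank's own origin or on an intermediary that forwards both."""
    challenge = bank.issue_challenge()
    if bank.origin_bound:
        response = bound_response(secret, challenge, origin_user_is_on)
    else:
        response = token_response(secret, challenge)
    return bank.verify(response)


def run_scenarios():
    """Return {(origin_bound, user_on_real_site): login accepted?}."""
    secret = secrets.token_bytes(32)  # constructed sample secret
    results = {}
    for bound in (False, True):
        for origin in (BANK_ORIGIN, LOOKALIKE_ORIGIN):
            bank = Bank(secret, origin_bound=bound)
            results[(bound, origin == BANK_ORIGIN)] = login_attempt(bank, secret, origin)
    return results


if __name__ == "__main__":
    for key, accepted in run_scenarios().items():
        print(key, accepted)
```

With the plain token the bank accepts the login in both cases because the response carries no information about where it was typed; the origin-bound response verifies only when the user was on the bank's own origin.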
This is /. If you are explaining something, please use a car in your discussion.
Hmm, I could suggest a virtualdub clone or another amazing program if you still want to give linux a try.
change the way I search for Natalie Portman p0rn?
I'd eat all that, if it were a burger or something. :)
No, this guy is new here.
Hmm, are you a friend of Essjay?
RTFA. This one is about Sonny.
Nevertheless, TFA is a very interesting read.
Ah, so you are the guy who sends me all that literature spam.
I hate to break your dream ride, but one of the founders is a Russian.
I don't understand, all that godaddy does is manage dns, web servers for parking space and basic MX services. How can someone fuck up with this kind of setup? Even if DST patches are off the only problem that I see is with
1. DNS TTLs being incorrect.
2. Your mail showing incorrect time
3. Web server logs (who analyzes these anyway) showing an incorrect time.
How can any or all of these bring down a site? WTF?
Must be the DST patches.